1 | <?php |
2 | /** |
3 | * MySQL change password backend |
4 | * |
5 | * @author Thijs Kinkhorst <kink@squirrelmail.org> |
6 | * @version $Id$ |
7 | * @package plugins |
8 | * @subpackage change_password |
9 | */ |
10 | |
/**
 * Backend configuration.
 *
 * The values below are defaults. Any of them can be replaced through the
 * global $mysql array, whose keys are the setting names without the
 * "mysql_" prefix (for example $mysql['server']).
 */

global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
       $mysql_password_field, $mysql_manager_id, $mysql_manager_pw,
       $mysql_saslcrypt, $mysql_unixcrypt, $mysql;

// Where the account table lives.
$mysql_server   = 'localhost';
$mysql_database = 'email';
$mysql_table    = 'users';

// Column names for the user ID and the password. These are concatenated
// into SQL as identifiers without quoting, so they must only ever come
// from trusted configuration.
$mysql_userid_field   = 'id';
$mysql_password_field = 'password';

// MySQL account used for the lookup and the update. It needs SELECT and
// UPDATE on the table above and nothing more; since the credential sits
// in this file, keep the file unreadable to other local users.
$mysql_manager_id = 'email_admin';
$mysql_manager_pw = 'xxxxxxx';

// Password storage scheme. saslcrypt is tested first; when it is 1 the
// unixcrypt flag is ignored. With both left at 0, cpw_mysql_dochange()
// compares and stores the password exactly as typed, i.e. in clear text.
$mysql_saslcrypt = 0; // use MySQL password() function
$mysql_unixcrypt = 0; // use UNIX crypt() function

// Apply overrides. Only names that already exist as mysql_* variables are
// written, so an unknown key cannot create a new variable.
// NOTE(review): $mysql is taken from global scope and is not defined in
// this file - confirm it is populated by trusted configuration only and
// can never be filled from request input.
if (!empty($mysql) && is_array($mysql)) {
    foreach ($mysql as $key => $value) {
        if (!isset(${'mysql_' . $key})) {
            continue;
        }
        ${'mysql_' . $key} = $value;
    }
}

// NO NEED TO CHANGE ANYTHING BELOW THIS LINE

// Register this backend under the name "mysql" for the change_password
// plugin's dochange hook.
global $squirrelmail_plugin_hooks;
$squirrelmail_plugin_hooks['change_password_dochange']['mysql'] = 'cpw_mysql_dochange';
50 | |
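/**
 * Change a user's password in the configured MySQL table.
 *
 * Handler for the 'change_password_dochange' hook. It looks up the row
 * whose user ID and current password both match, refuses to continue
 * unless exactly one row is found, and then writes the new password for
 * that user ID. The result is an array of messages: empty on success,
 * otherwise one or more error messages.
 *
 * Message constants used by change_password backends:
 * CPW_CURRENT_NOMATCH -> "Your current password is not correct."
 * CPW_INVALID_PW -> "Your new password contains invalid characters."
 * This backend only emits CPW_CURRENT_NOMATCH; it does not itself check
 * the new password for invalid characters.
 *
 * Security notes for maintainers:
 * - All three inputs are user supplied and end up inside SQL text. They
 *   are escaped with mysql_real_escape_string() on the open connection
 *   and placed in single-quoted literals. The ext/mysql API used here
 *   was removed in PHP 7; a port to mysqli or PDO should use prepared
 *   statements instead of escaping.
 * - Table and column names come from the mysql_* configuration globals
 *   and are concatenated unquoted, so they must never be influenced by
 *   request data.
 * - With $mysql_saslcrypt and $mysql_unixcrypt both off, the password is
 *   compared and stored in clear text. MySQL's PASSWORD() and ENCRYPT()
 *   were removed in MySQL 8.0, so neither of the other two modes is a
 *   long-term storage scheme either.
 *
 * @param array $data The username/currentpw/newpw data.
 * @return array Array of error messages.
 */
function cpw_mysql_dochange($data)
{
    // A hook function can only receive one parameter, so the three
    // values arrive packed in a single array.
    $username = $data['username'];
    $curpw = $data['curpw'];
    $newpw = $data['newpw'];

    $msgs = array();

    global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
           $mysql_password_field, $mysql_manager_id, $mysql_manager_pw,
           $mysql_saslcrypt, $mysql_unixcrypt;

    $ds = mysql_pconnect($mysql_server, $mysql_manager_id, $mysql_manager_pw);
    if (!$ds) {
        $msgs[] = _("Cannot connect to Database Server, please try later!");
        return $msgs;
    }
    if (!mysql_select_db($mysql_database, $ds)) {
        $msgs[] = _("Database not found on server");
        return $msgs;
    }

    // Escape against the live connection so the connection's character
    // set is honoured; mysql_escape_string() ignores it.
    $esc_user = mysql_real_escape_string($username, $ds);
    $esc_curpw = mysql_real_escape_string($curpw, $ds);
    $esc_newpw = mysql_real_escape_string($newpw, $ds);
    if ($esc_user === false || $esc_curpw === false || $esc_newpw === false) {
        // Never build a query from a value that failed to escape.
        $msgs[] = _("SQL call failed, try again later.");
        return $msgs;
    }

    // SQL expressions for the current and the new password under the
    // configured scheme. Single quotes keep the values string literals
    // even when the server runs with ANSI_QUOTES.
    if ($mysql_saslcrypt) {
        $cur_expr = "password('" . $esc_curpw . "')";
        $new_expr = "password('" . $esc_newpw . "')";
    } elseif ($mysql_unixcrypt) {
        // The stored hash is passed as the salt argument. For the check
        // that reproduces the stored value; for the update it means the
        // new hash reuses the old salt.
        // NOTE(review): consider letting ENCRYPT() pick a fresh salt
        // when writing the new password.
        $cur_expr = "encrypt('" . $esc_curpw . "', " . $mysql_password_field . ')';
        $new_expr = "encrypt('" . $esc_newpw . "', " . $mysql_password_field . ')';
    } else {
        // Clear-text comparison and storage.
        $cur_expr = "'" . $esc_curpw . "'";
        $new_expr = "'" . $esc_newpw . "'";
    }

    $user_match = $mysql_userid_field . "='" . $esc_user . "'";

    $query_string = 'SELECT ' . $mysql_userid_field . ',' . $mysql_password_field
                  . ' FROM ' . $mysql_table
                  . ' WHERE ' . $user_match
                  . ' AND ' . $mysql_password_field . '=' . $cur_expr;

    $select_result = mysql_query($query_string, $ds);
    if (!$select_result) {
        $msgs[] = _("SQL call failed, try again later.");
        return $msgs;
    }

    // Zero rows (or a failed count) means the user ID / current password
    // pair did not match.
    $rows = mysql_num_rows($select_result);
    if (!$rows) {
        $msgs[] = CPW_CURRENT_NOMATCH;
        return $msgs;
    }
    if ($rows > 1) {
        // Make sure we only have one uid before touching anything.
        $msgs[] = _("Duplicate login entries detected, cannot change password!");
        return $msgs;
    }

    $update_string = 'UPDATE ' . $mysql_table
                   . ' SET ' . $mysql_password_field . '=' . $new_expr
                   . ' WHERE ' . $user_match;

    if (!mysql_query($update_string, $ds)) {
        $msgs[] = _("Password change was not successful!");
    }

    return $msgs;
}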